[OS-BUILD PATCHv2 6/6] redhat: Use redhatsecureboot701 for ppc64le

"Jan Stancek (via Email Bridge)" <cki-gitlab@xxxxxxxxxx> · Tue, 09 Jan 2024 10:30:54 -0000

From: Jan Stancek <jstancek@xxxxxxxxxx>

redhat: Use redhatsecureboot701 for ppc64le

Forward-port of c9s commit
    dd9a91221db9 ("redhat: Use redhatsecureboot701 for ppc64le")

Conflicts: RHEL has certs stored in system-sb-certs package,
           but ARK/Fedora has them in tree.

When addressing CVE-2022-1665 the ppc64le signing keys were rotated but
the kernel itself was not updated to use the new key.

Signed-off-by: Patrick Talbert <ptalbert@xxxxxxxxxx>
Signed-off-by: Prarit Bhargava <prarit@xxxxxxxxxx>
Signed-off-by: Jan Stancek <jstancek@xxxxxxxxxx>

diff --git a/redhat/kernel.spec.template b/redhat/kernel.spec.template
index blahblah..blahblah 100644
--- a/redhat/kernel.spec.template
+++ b/redhat/kernel.spec.template
@@ -843,7 +843,7 @@ Source13: redhatsecureboot501.cer
 %define pesign_name_0 redhatsecureboot302
 %endif
 %ifarch ppc64le
-%define pesign_name_0 redhatsecureboot601
+%define pesign_name_0 redhatsecureboot701
 %endif
 %endif
 # rhel && !eln

--
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2849
--
_______________________________________________
kernel mailing list -- kernel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to kernel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/kernel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue







